#ifndef AUTH_MANAGER_H
#define AUTH_MANAGER_H

#include "../../include/gudb.h"
#include <stdint.h>
#include <stdbool.h>
#include <pthread.h>

// Authentication methods
#define AUTH_METHOD_NATIVE_PASSWORD       0
#define AUTH_METHOD_CACHING_SHA2_PASSWORD 1

// User roles
#define ROLE_ADMIN      "admin"
#define ROLE_READ_WRITE "read_write"
#define ROLE_READ_ONLY  "read_only"

// Permission types
#define PERM_SELECT 0x01
#define PERM_INSERT 0x02
#define PERM_UPDATE 0x04
#define PERM_DELETE 0x08
#define PERM_CREATE 0x10
#define PERM_DROP   0x20
#define PERM_ALTER  0x30
#define PERM_GRANT  0x40

// Maximum limits
#define MAX_USERNAME_LEN 32
#define MAX_PASSWORD_LEN 64
#define MAX_TABLENAME_LEN 64
#define MAX_HASH_LEN 64
#define MAX_SALT_LEN 16

// Hash types
typedef enum {
    HASH_TYPE_SHA256,
    HASH_TYPE_SHA2_CACHING,
    HASH_TYPE_PLAIN  // For testing only
} hash_type_t;

// User account structure
typedef struct auth_user {
    char username[MAX_USERNAME_LEN];
    char password_hash[MAX_HASH_LEN];
    char salt[MAX_SALT_LEN];
    hash_type_t hash_type;
    char role[16];
    bool is_active;
    uint64_t created_time;
    uint64_t last_login;
    uint32_t failed_login_attempts;
    bool is_locked;
    
    struct auth_user* next; // Linked list
} auth_user_t;

// Table permission structure
typedef struct table_permission {
    char username[MAX_USERNAME_LEN];
    char table_name[MAX_TABLENAME_LEN];
    uint8_t permissions; // Bitmask of PERM_* constants
    
    struct table_permission* next; // Linked list
} table_permission_t;

// Session information
typedef struct auth_session {
    char username[MAX_USERNAME_LEN];
    char role[16];
    uint64_t session_id;
    uint64_t login_time;
    uint64_t last_activity;
    bool is_authenticated;
    
    struct auth_session* next; // Linked list
} auth_session_t;

// Authentication manager structure
typedef struct auth_manager {
    auth_user_t* users;             // User list
    table_permission_t* permissions; // Permission list
    auth_session_t* sessions;       // Active sessions
    
    uint32_t user_count;
    uint32_t permission_count;
    uint32_t session_count;
    
    // Configuration
    uint32_t max_failed_attempts;
    uint32_t session_timeout;       // In seconds
    bool enforce_password_policy;
    
    // Statistics
    uint64_t total_logins;
    uint64_t failed_logins;
    uint64_t permission_checks;
    uint64_t permission_denials;
    
    pthread_mutex_t mutex;
} auth_manager_t;

// Password policy structure
typedef struct {
    uint32_t min_length;
    bool require_uppercase;
    bool require_lowercase;
    bool require_numbers;
    bool require_special_chars;
} password_policy_t;

// Authentication manager API
auth_manager_t* auth_init(void);
int auth_cleanup(auth_manager_t* auth);

// User management
int auth_create_user(auth_manager_t* auth, const char* username, const char* password, 
                    const char* role, hash_type_t hash_type);
int auth_delete_user(auth_manager_t* auth, const char* username);
int auth_update_password(auth_manager_t* auth, const char* username, const char* new_password);
int auth_lock_user(auth_manager_t* auth, const char* username);
int auth_unlock_user(auth_manager_t* auth, const char* username);
auth_user_t* auth_find_user(auth_manager_t* auth, const char* username);

// Authentication
int auth_authenticate(auth_manager_t* auth, const char* username, const char* password, 
                     uint64_t* session_id);
int auth_logout(auth_manager_t* auth, uint64_t session_id);
auth_session_t* auth_find_session(auth_manager_t* auth, uint64_t session_id);
int auth_validate_session(auth_manager_t* auth, uint64_t session_id);

// Permission management
int auth_grant_table_permission(auth_manager_t* auth, const char* username, 
                               const char* table_name, uint8_t permissions);
int auth_revoke_table_permission(auth_manager_t* auth, const char* username, 
                                const char* table_name, uint8_t permissions);
int auth_check_permission(auth_manager_t* auth, uint64_t session_id, 
                         const char* table_name, uint8_t permission);

// Role-based permissions
int auth_get_role_permissions(const char* role, uint8_t* default_permissions);
int auth_assign_role(auth_manager_t* auth, const char* username, const char* role);
const char* auth_get_user_role(auth_manager_t* auth, const char* username);

// Password hashing and validation
int auth_hash_password(const char* password, const char* salt, hash_type_t type, 
                      char* hash_output, size_t hash_len);
int auth_generate_salt(char* salt, size_t salt_len);
int auth_verify_password(const char* password, const char* hash, const char* salt, 
                        hash_type_t type);
int auth_validate_password_policy(const char* password, const password_policy_t* policy);

// Session management
uint64_t auth_generate_session_id(void);
int auth_cleanup_expired_sessions(auth_manager_t* auth);
int auth_update_session_activity(auth_manager_t* auth, uint64_t session_id);

// MySQL protocol support
int auth_mysql_native_password(const char* password, const char* salt, 
                               char* response, size_t response_len);
int auth_mysql_caching_sha2_password(const char* password, const char* salt,
                                     char* response, size_t response_len);

// Persistence
int auth_save_to_file(auth_manager_t* auth, const char* filename);
int auth_load_from_file(auth_manager_t* auth, const char* filename);

// Utility functions
void auth_print_stats(const auth_manager_t* auth);
void auth_print_users(const auth_manager_t* auth);
void auth_print_permissions(const auth_manager_t* auth);
int auth_export_users(auth_manager_t* auth, const char* filename);

// Audit logging
int auth_log_event(auth_manager_t* auth, const char* username, const char* event, 
                  const char* details, bool success);

// Permission string utilities
const char* auth_permission_to_string(uint8_t permissions);
uint8_t auth_string_to_permission(const char* perm_str);

#endif // AUTH_MANAGER_H